Question

Access control" - Several "Access control" best practices were introduced this week. What is the goal of "Access control"? Which "Access control" best practices would you recommend be implemented in a company accounting department?

Answer 1

Answers: Let us first understand about access control:

Access control is a kind of security technique that ensures that who can access/ view an appropriate use of company data. It has two main components i.e. authentication and authorization, this is a high level of access control and is a selective restriction of access data.

Goal of access control:

The primary goal of access control is to minimize the risk of security of unauthorized access to the both the physical as well as computational system. An access control system can provide the quick and convenient access to those users who are authorized for it. So let us briefly understand in the following point.

Assurance: To provide best security an access control follows the following parts such as authentication, accountability ,confidentiality, integrity , availability play the role.

• Authentication: It confirm about identity of the user and provide access to a particular user.

• Confidentiality: It is about maintaining privacy so that users data is confidential which means the data should be accessed by the authorized user only.

• Integrity: This ensure that the accurateness and completeness of the information. And therefore preventing deliberate of partial or complete destruction or unauthorsied modification of data.

• Accountability: It is an essential part of security plan which means that every individual who are working with the system must have a specific information assurity. Or in other words we can say individual must have a security plan/safe guard.

• Availability: The information should only be accessible to the required user. In order to provide reliable access control one must be able to access control object that will be available for access control subject. Common attack which can which impact availability is Dos(Denial of service) in which intruder try to interrupts access to information of system, devices and a networks. So in order to avoid availability of data it become necessary to include redundancy path.

Best practices of access control that would be recommend to implemented in a company accounting department:

Using an updated system: One of the most essential practice for an accounting company. A user data is the whole thing for the accounting purpose so in order to avoid system conflicts an organisation should provide with a latest updates system.

Applying privilege access control: It is the best technique to set up access control. In this access is provided only to the persons who are explicitly in need.

Saving data in could: An accounting organization should have a high security cloud storage system so that an essential data can be uploaded to the cloud storage. A department can't only rely on the system storage.

Strong access: Employees should be encourages to change their password on the regular basis and it should be strong ones.

Software Installation: An accounting department should purchase the authorized software and keep timely update if needed they should only install the application which is necessary for the organization:

Strong policy: There is a chance that an ex-employee can leak the organisation data to some other company.Therefore a policy should be made tight so that no user share the data. The organisation should only provided access until he/she is an employee of the department. Every employee should have a unique id and it should be valid for only he/she is working there.